Last night I was so tired. I planned to take a short nap (say, less than 1 hour) and then work on various things (finishing marking student papers, editing book drafts, and so on). But I ended up having a long sleep.

I did wake up one hour after I started to sleep. I was going to wake up, but I thought ... another 5 minutes wouldn't hurt. Alas. Five minutes turned into an hour! After that I didn't feel like working. So I ended up sleeping for 7 hours. Dang! There go my working hours.

Today I have to sleep less. (But the sign is pointing in a different direction ... more sleep. Ha ha ha.)

I am involved in research trying to do packet inspection on a high-speed (10Gb) [Ethernet] network. There are many issues that we have to face.

First, packet drops. We are using software (tools) that requires all packets to be available before the inspection begins. Unfortunately, our network is not clean; there are packet drops. Some packets are missing. This really creates a problem for us.

We could modify the software so that it does not require all packets to be available, or we could "spoof" the missing packets. The idea is that given a timeout, if a packet is not available then we just create a dummy packet. Which one is better (less difficult to do)?

Second, a high-speed packet matching library. What kind of library should we use? libnids? tcpflow? libpcap? Note that we are interested in inspecting the content of the packet (payload?). I guess it's something like ngrep but for the whole session (not just one packet).
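
The two ideas above (padding a missing packet after a timeout, and matching over a whole session rather than one packet) can be sketched together. This is an added example, not code from the research project or from libnids/tcpflow; the `Segment` record, `FILL` byte, function names and sample segments are hypothetical, and sequence numbers are assumed to be relative to the start of the stream with no wraparound.

```python
import re
from collections import namedtuple

# Hypothetical record: capture time (s), relative sequence number, payload.
Segment = namedtuple("Segment", "ts seq data")
FILL = b"\x00"  # assumed filler byte for spoofed (missing) payload

def reassemble(segments, gap_timeout=1.0):
    """Rebuild one direction of a session; holes older than gap_timeout
    are padded with FILL. Returns (stream, [(gap_offset, gap_len), ...])."""
    stream, gaps, pending = bytearray(), [], {}

    def drain(now, force=False):
        while pending:
            seq = min(pending)
            ts, data = pending[seq]
            hole = seq - len(stream)
            if hole > 0:
                if not force and now - ts < gap_timeout:
                    return  # keep waiting for the missing segment
                gaps.append((len(stream), hole))
                stream.extend(FILL * hole)
            del pending[seq]
            stream.extend(data[len(stream) - seq:])  # skip retransmitted overlap

    for seg in segments:  # capture order, possibly reordered or lossy
        pending.setdefault(seg.seq, (seg.ts, seg.data))
        drain(seg.ts)
    drain(0.0, force=True)  # end of capture: flush whatever is left
    return bytes(stream), gaps

def match_session(stream, gaps, pattern):
    """Regex over the whole session; flags hits that overlap spoofed bytes."""
    return [(m.start(), any(m.start() < o + n and o < m.end() for o, n in gaps))
            for m in re.finditer(pattern, stream)]

# Constructed sample: bytes 35..52 were dropped, first two segments reordered.
SAMPLE = [
    Segment(0.00, 18, b"TP/1.1\r\nHost: exa"),
    Segment(0.01, 0, b"GET /index.html HT"),
    Segment(0.02, 53, b"ent: cu"),
    Segment(2.50, 60, b"rl\r\n\r\n"),
]

if __name__ == "__main__":
    stream, gaps = reassemble(SAMPLE)
    print(gaps, match_session(stream, gaps, rb"HTTP/1\.1"))
```

Keeping the list of padded ranges matters for the inspection result: a pattern that finds nothing in a session with gaps is inconclusive rather than clean, and a hit that overlaps padding should be treated as partial.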